Using runtime execution file system and registry artifacts to identify whether code is malware is highly computationally expensive. Moreover, this type of analysis may be effectively circumvented by subsequent malware authors.